Monday, May 8, 2017

OpenStack Summit 2017 - Monday Keynotes

 Monday Keynotes

Remotely Managed Clouds
  • About 30 public cloud providers running OpenStack
PAS Tools Running Today
  1. Kubernetes (45%)
  2. Openshift (17%)
  3. Cloudfoundry (17%)
GE Healthcare Enterprise Applications
Keys to cloud success
  • Everyone must be at the table 
  • No is not an option (problem solvers)
  • Target the impossible

200+ controls supporting security & compliance since 2015

Remotely managed Requirements
  • need to access internal applications
  • Secure platform to host private or sensitive data
  • Reuse automation for compliance and cost

Private CaaS Benefits
  • Reuse enabled our speed to implement and manage environment
  • Seamless interaction with our provider
  • OpenStack allows us to tailor solution
  • Open source = no vendor lock-in

Edge Computing

Use Cases:
  • Oil Rigs
  • Manufacturing
  • Self-Driving Cars

  • Unified management across the network
  • Ability to move workloads between edge and core
  • Seamless customer experience
  • Flexible toolset delivers new services quickly
  • Vendor release coordination

Built Hosted Network Service Platform - Cloud in a box

 (impressive demo)

US Army Cyber School
  • Trains 500 students annually in problem solving within the Cyber domain
  • Using GitHub flow, changed deployment time from 12-18 months to 12-18 hours

IaaS: Broadband Handrail (BB-H)
  • Global, secure access for individual skills training
  • Courseware updated on demand by instructors
  • IaaS + Automation + CM + DevOps + Everything-as-code

(demo of CI pipeline)

(fun comic book video)

  • Managed Open Cloud must be built following the vertical design pattern of public clouds
  • Mist be maintained on a continuous synchronized cycled with all components (vertically)
  • Must be delivered as-a-service to foce the focus on solving the right customer problems

Announcement:  New global partnership with Fujitsu

DirectTV & AT&T Entertainment Group
(violence, your way) -dstaffel
  • Some confusing slides for Next Gen Video Platform (photo)

Using Openstack (Mitaka) for:
  • Content Processing
    • Encode
    • Encryption
  • Business Applications
  • Content Ingest

  • Using Heat Templates for CICD
  • K8S / Docker
  • Microservices
  • Hybrid Cloud

  • Containers/ Baremetal
  • Function as a Service
  • Serverless Computing
  • More K8S
  • Seamless Hybrid Clouds

(application demo) - on Apple TV


EBay (multicloud)

Cloud Stats (as of Q1-2017)
  • 167k VMs
  • 13PB Storage
  • 68k managed BMs
  • 95% traffic on cloud
  • 4k applications
  • 100B URLs per day

Why Kubernetes?
  • App centric
  • open source
  • container support
  • model driven
  • declarative
  • active community
  • sophisticated scheduling
  • geo federation (multi-datacenter)

Kubernetes today at eBay:
  • 22k cores
  • 6 availability zones
  • 178 apps
  • 4.2k pods
  • Support for bare metal, GPUs, VMs
  • Powered by OpenStack

Some workloads:
  • AI Platform
  • Elastic Search
  • Edge Services Stack
  • Kafka
  • Network Automation
  • Distributed NoSQL

Some challenges:
  • Multi Tenancy
  • Logging & Monitoring Integration
  • Application LCM
  • Application Security
  • High Availability
  • App CMDB Model
  • OpenStack, Compute, Storage, Network Integration
  • Security Standards
  • Container Registry

Introducing: TessMaster
  • Full lifecycle management of Kubernetes clusters across multiple providers (on OpenStack)
    • Model Driven
    • Declarative
    • Built on the Same Principles as K8s
    • Closed Loop
    • State Aware
    • Self Healing
    • Drift Proof

( live demo)

  • Designed to be Multi Provider
  • Currently implemented for VirtualBox and OpenStack
  • Open source in the next few months

Q&A with Jim Whitehurst (CEO RedHat)
  • Before RedHat he was COO at Delta Airlines
  • Much more open culture with RedHat
  • Originally RedHat was a Xen developer, fragmented into many flavors
  • Switched to KVM because a single open upstream community


Data from OS User Survey:
  • 66% of OpenStack deployments are in production

Top 3 reasons orgs use OpenStack:
  1. Avoid Vendor Lock In
  2. Accelerate Innovation
  3. Increase Operational Efficiency


Neutron: ML2 plugin for OVS with OVN edge agents
Production Deployment: Triple-O and HEAT

Daniela Rus
Director of the Computer Science and AI Laboratory

Friday, December 2, 2016

New Official Plex Plugin for Kodi Available

Plex announced a few days ago that they are releasing a fully supported plugin for Kodi.  This is great and also kind of funny because they both spawned from the same Open Source roots.  Over 10 years ago now, those of us with modded Xbox consoles were happy to use Xbox Media Center (XBMC) as an app to turn our game consoles into very powerful media players.  The project became so popular that XBMC was ported to Linux and other operating systems.  They actually kept the XBMC name for a while until recently changing the name to Kodi.

Kodi has become more popular in the past few years for nefarious reasons, as it is also a popular platform for streaming pirated content from the internet.  In addition to Kodi's many features as a media player, Kodi can provide a pretty front end for many advanced Add-Ons that are written using Python.  Many people have written specialized add-ons that will scrape internet sources for file share sites that have copies of pirated television and movies.  These sites are often filled with malware and ads and are dangerous to use directly.  The add-on developers have basically done all of the dirty work for you so that you can easily search and stream from these online sources.  That's all well and good, but anyone who has used these Add-Ons will tell you that the scraping process is extremely slow and many of the streams are sub-par quality with subtitles from different languages often burned into your videos.

Why would you want to run Plex within Kodi?  Isn't that superfluous since they both are basically media players?  One reason is to use Kodi's built in AirPlay server to stream content from your Apple Devices, while watching a movie in Plex.  Another is the vast array of customization that Kodi allows within it's interface.  You also might be a Python developer and want the ability to program your own custom Add-Ons.   Now you don't have to close Kodi in order to run Plex.  It's definitely a welcome change and I would consider it a Win-Win for both Plex and Kodi users.

Friday, November 18, 2016

Cheap and Free DNS Hosting (updated)

Google Cloud DNS

So a few months ago I decided to stop paying over $25 a year for DNS hosting from my old provider, DynDNS, and move to something a little cheaper.  The first place I choose to look was Google hosted DNS.  This Google Cloud DNS service runs on the Google Compute Engine and was immensely cheap at $0.60 per month.

Update: Google Cloud DNS is also well positioned to handle DDoS attacks with their massive infrastructure.  Depending on the size of the attack, (number of queries) you may be charged a bit extra for absorbing all of that traffic.  Although judging from these very low costs per BILLION hits, I don't think it would be very much of a worry.  Also, for the security conscious administrators out there, Cloud DNS also has Alpha support for DNSSEC, along with the industry standard RSA.  You can sign up for the Alpha here:

Cloudflare Managed DNS

Then this week I found out about Cloudflare.  I've heard of them and seen in the news how they can protect web sites from DDoS attacks.  I thought it was just a gateway of some sort.  Now that I have visited their site I am a little more informed.  Not only are they a managed DNS provider but they are a global CDN that has many security and optimization features.  Best of all, they have a free tier that includes managed DNS and a handful of their most popular services.  I really dig the fact I was given a free auto-renewing wildcard SSL certificate for my site.  Check them out if you're looking for a free and feature packed option.

Update: Cloudflare also supports DNSSEC using ECDSA and NSEC with white lies.  I hear through the grapevine that this works most of the time, but some resolvers might not support this method.  It should definitely be taken into consideration before rolling DNSSEC into production.

Also, digging a little deeper into the limitations of the free DDoS protection for your website.  They are a little vague as to the specifics, saying "Basic DDoS protection is limited in our Free and Pro plans, and based on the attack's disturbance to our network."  So who knows what the limit is!